>> The relevant spec is RFC 2396. The slash should be encoded within
>> the URL and decoded by the library before being used as a password.
>
>Mhmmm. 2396 is similar to 1738 -- nowhere does it say explicitly that http
>URLs can have userid:password in them.
That would be redundant. It says that slash is reserved for the authority
component. It says that data characters that are reserved must be encoded.
Therefore, any slash appearing as data for the password component, which
occurs inside the authority component, must encoded.
RFC 2396 replaces 1738. Burn 1738.
What little it says about password is located in the security section.
The only entity that determines what characters are valid data for a
password is the server authority -- that is not governed by URI or HTTP.
>My point is no whether they are a good or bad idea, but merely that LWP only
>supports userids with unencoded characters. It doesn't decode %2F to /
>(before base64 encoding it), for example.
I wasn't disagreeing with you.
....Roy
